Bug 184256 Canedit group_control_map entry does not prevent making attachments

r=bbaetz
a=justdave

diff --git a/Attachment.pm b/Attachment.pm
index 27d7fa2cab76ce3749beefea0c16dccaa877020b..322a3b2bab17e441dc517ea283ec1d1814b9684a 100644 (file)
--- a/Attachment.pm
+++ b/Attachment.pm
@@ -65,6 +65,11 @@ sub query
   my ($bugid) = @_;
 
   my $in_editbugs = &::UserInGroup("editbugs");
+  &::SendSQL("SELECT product_id
+           FROM bugs 
+           WHERE bug_id = $bugid");
+  my $productid = &::FetchOneColumn();
+  my $caneditproduct = &::CanEditProductId($productid);
 
   # Retrieve a list of attachments for this bug and write them into an array
   # of hashes in which each hash represents a single attachment.
@@ -88,8 +93,8 @@ sub query
     # ie the are the submitter, or they have canedit.
     # Also show the link if the user is not logged in - in that cae,
     # They'll be prompted later
-    $a{'canedit'} = ($::userid == 0 || $submitter_id == $::userid ||
-                     $in_editbugs);
+    $a{'canedit'} = ($::userid == 0 || (($submitter_id == $::userid ||
+                     $in_editbugs) && $caneditproduct));
     push @attachments, \%a;
   }
   

diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index 27d7fa2cab76ce3749beefea0c16dccaa877020b..322a3b2bab17e441dc517ea283ec1d1814b9684a 100644 (file)
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -65,6 +65,11 @@ sub query
   my ($bugid) = @_;
 
   my $in_editbugs = &::UserInGroup("editbugs");
+  &::SendSQL("SELECT product_id
+           FROM bugs 
+           WHERE bug_id = $bugid");
+  my $productid = &::FetchOneColumn();
+  my $caneditproduct = &::CanEditProductId($productid);
 
   # Retrieve a list of attachments for this bug and write them into an array
   # of hashes in which each hash represents a single attachment.
@@ -88,8 +93,8 @@ sub query
     # ie the are the submitter, or they have canedit.
     # Also show the link if the user is not logged in - in that cae,
     # They'll be prompted later
-    $a{'canedit'} = ($::userid == 0 || $submitter_id == $::userid ||
-                     $in_editbugs);
+    $a{'canedit'} = ($::userid == 0 || (($submitter_id == $::userid ||
+                     $in_editbugs) && $caneditproduct));
     push @attachments, \%a;
   }
   

diff --git a/attachment.cgi b/attachment.cgi
index 27c2c107c16909e16266c874c8537bd0a4d7e369..5c3ce09ace0f292b4af157f76db7f31c27cbe987 100755 (executable)
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -77,12 +77,14 @@ elsif ($action eq "enter")
 { 
   confirm_login();
   ValidateBugID($::FORM{'bugid'});
+  validateCanChangeBug($::FORM{'bugid'});
   enter(); 
 }
 elsif ($action eq "insert")
 {
   confirm_login();
   ValidateBugID($::FORM{'bugid'});
+  validateCanChangeBug($::FORM{'bugid'});
   ValidateComment($::FORM{'comment'});
   validateFilename();
   validateIsPatch();
@@ -105,6 +107,7 @@ elsif ($action eq "update")
   ValidateComment($::FORM{'comment'});
   validateID();
   validateCanEdit($::FORM{'id'});
+  validateCanChangeAttachment($::FORM{'id'});
   validateDescription();
   validateIsPatch();
   validateContentType() unless $::FORM{'ispatch'};
@@ -171,6 +174,29 @@ sub validateCanEdit
       || ThrowUserError("illegal_attachment_edit");
 }
 
+sub validateCanChangeAttachment 
+{
+    my ($attachid) = @_;
+    SendSQL("SELECT product_id
+             FROM attachments, bugs 
+             WHERE attach_id = $attachid
+             AND bugs.bug_id = attachments.bug_id");
+    my $productid = FetchOneColumn();
+    CanEditProductId($productid)
+      || ThrowUserError("illegal_attachment_edit");
+}
+
+sub validateCanChangeBug
+{
+    my ($bugid) = @_;
+    SendSQL("SELECT product_id
+             FROM bugs 
+             WHERE bug_id = $bugid");
+    my $productid = FetchOneColumn();
+    CanEditProductId($productid)
+      || ThrowUserError("illegal_attachment_edit");
+}
+
 sub validateDescription
 {
   $::FORM{'description'}